This week on NVTC’s Blog, LMI Senior Consultant Daniel DuBravecnotes that we need to prepare for personalized medicine and the evaluation of genomic data.

Today’s electronic health record (EHR) systems cannot properly handle genomic data. Interpreting these huge and complex data, particularly in a visual manner, is challenging. Even when EHR systems can access these data, few standards exist for how to structure them to ensure seamless system integration, interoperability, and interpretation. Most medical schools do not teach doctors how to interpret genetic data, and local-level care centers require training on proper data storage and network security.

Precision medicine predicts, prevents, and treats diseases at the patient level. Its growth has created the need for internationally recognized genomic EHR standards and policies, which would protect individuals by ultimately improving patient outcomes. We need to prepare for a future in which medicine is more personalized and better able to evaluate genomic data.

Real, Inspiring Stories

Recently, I met a colleague whose daughter is suffering from a genetic condition known as Stargardt disease. Sadly, her daughter is rapidly losing her vision. This disease, a form of juvenile macular degeneration, can only appear in children when both parents carry the mutated gene. If the gene had been identified at an early stage, medical practitioners would have had more time to investigate new drug therapies and gene-editing technologies to treat my colleague’s daughter. As part of her interoperable medical genetic record, physicians at research institutions who were also working on her case could have then viewed and collaborated by using this critical information. Hitting close to home, this is one of many stories that inspire us to prepare for the widespread application of precision medicine and genomic data analysis.

Making Genomic Data Useful for Medical Practitioners

The future of patient care requires connecting large external data sets with electronic healthcare records. Precision medicine will customize treatments down to a patient’s genes and behavior. By analyzing genetic data across thousands of people, scientists will discover preventative treatments and cures for challenging health issues.

Given the complexity of health and genomic data, one can analyze the same data in different ways and achieve different outcomes. “Well-designed data visualization could help doctors interpret the data more rapidly, arriving at more challenging diagnoses in less time,” says Erin Gordon, data visualization trainer and graphic facilitator at LMI.

Before developing a framework for integrating and analyzing disparate health data sets, we test our models for validity. “The quality of our medical data models has a direct impact on patient outcomes and daily operations in medical facilities,” says Brent Auble, a consultant with the Intelligence Programs group at LMI. To support LMI’s research into healthcare data management, our team set up a Hadoop cluster, which is a group of servers designed to quickly analyze massive quantities of structured and unstructured data.

Building the Future of Healthcare Analytics

Ultimately, to meet the growth in precision medicine and the use of health data analytics, future EHR systems need to:

automatically generate comparisons of multiple genomes,

identify and match genetic variants based on known diseases,

ensure patient data privacy, and

integrate and search medical publications and scientific research for relevant patient data.

Preparation is key in order to predict, prevent, and treat disease as medicine evolves.

Dan DuBravec is a senior consultant at LMI, leading IT implementation projects. Mr. DuBravec holds multiple EHR certifications, as well as a BS in product design from Illinois State University and an MS in educational technology leadership from George Washington University.

This week on NVTC’s Blog, Business Development, Marketing & Sales Vice Chair Jenny Couch of member company Providge Consulting shares critical changes to the IT landscape that your healthcare organization needs to have on its radar.

These days, technology seems to advance too rapidly for most of us to keep up. It’s certainly moving too rapidly for organizations to keep up with every single one of the “hot” trends.

In the noisy field of today’s latest tech, it’s all too easy to get caught up in the buzzwords and lists of “This Year’s Hottest IT Trends”, and miss the truly critical changes to the IT landscape that your organization needs to have on its radar.

The healthcare industry is uniquely positioned to be impacted by a convergence of critical IT trends within the coming years. But with budgets decreasing, and resource pools shrinking, it’s more challenging than ever to prioritize IT needs within the healthcare space.

We’ve highlighted the top five technology trends healthcare organizations must have on their radar in 2016.

Cloud computing. Whether it’s a pharmaceutical company needing to store large amounts of data from clinical trials, or a hospital with a newly implemented EHR system, healthcare organizations of all kinds are increasingly turning to cloud computing for a variety of uses. According to Healthcare Informatics, the global healthcare cloud computing market is expected to reach $9.5 billion by 2020. And 83 percent of healthcare organizations are already leveraging the cloud. Only 6 percent of organizations have no plans to take advantage of the cloud in the coming years. If you’re in that 6 percent, it’s time to reconsider your plans. Cloud computing can be used to decrease costs, improve access, and create a better user experience for any healthcare organization. But, it’s critical that your organization take a strategic approach to moving to the cloud. Learn more about how you can leverage the cloud to best support your organization here.

The Internet of Things. Take a look at that FitBit on your wrist. Think about the incredible amount of data that one tiny device is generating constantly. The number of steps you take, the calories you burn, your sleep pattern, the stairs you climbed. These devices get more accurate and more intricate with every passing day. We are not far off from a future when we’ll be able to monitor nearly every aspect of our health, and the health of our loved ones without setting foot in a doctor’s office. Healthcare organizations will have to find a way to address what will be tectonic shift in how care is delivered. Communication methods will need to be established to collect the data generated by wearable and mobile devices. Methods for collecting and analyzing the influx of data will need to be developed so patterns can be identified. The manner in which treatment is delivered will have to change as we move away from the traditional doctor’s office visits, and into a world where a diagnosis can be made through analyzing the information generated through a patient’s mobile device, car, appliances, wearables, etc. And while this future may not quite be a reality, it’s coming soon, and healthcare organizations need to start preparing today.

Data Explosion. Big data. Data analytics. Whatever term you use, the unparalleled rise in the amount and accessibility of data over the past few years is certain to have a massive impact on the healthcare industry. The explosion in big data occurred so quickly that 41 percent of healthcare executives say their data volume has increased by 50 percent or more from just one year ago. 50 percent in just one year. This incredible increase in data will allow medical professionals to more quickly and more accurately diagnose patients, but as with the Internet of Things, it will require fundamental shifts in how data is managed and how care is administrated. Healthcare organizations will need to train, or hire a workforce with the right data analysis and medical skill sets. Regulations, processes, and platforms will need to be developed or implemented. Healthcare organizations who ignore this trend do so at their own peril. For as Accenture notes in a report released earlier this year for those who take advantage of the wealth of opportunity within big data, “Greater operational excellence and improved clinical outcomes await those who grasp the upside potential.”

Efficiency in IT. If you haven’t heard the phrase “Doing more with less” in the past few months, it’s probably time to climb out from under that rock you’ve been living under. With healthcare spending wildly out of control in the United States, every healthcare organization from physician’s offices to the largest hospital chains are being asked to do more with less. IT is a particularly ripe area for cutting costs, and resources. In 2016, the emphasis on doing more with less in IT will continue. Expect to see IT departments pursue options such as moving to the cloud, outsourced managed services, and bring your own device to help decrease IT operating costs.

Cybersecurity. In 2014, 42 percent of all serious data breaches occurred at healthcare organizations. Sadly, this trend is certain to continue its upward trajectory in the coming years. Healthcare organizations who have not adequately upgraded their systems, and developed a thorough cybersecurity strategy are especially vulnerable to attack. Now is time to evaluate your systems, processes, and resourcing. Make sure your organization is positioned to proactively protect against attacks where possible, and identify and respond rapidly to breaches when they do occur.

Planning your 2016 health IT projects and priorities? Looking for a partner that will truly understand the challenges you are facing and the need to ensure success? Get in touch with us today. Our experienced health IT experts know the obstacles you face, and are ready to partner with you to deliver your projects on time, and on budget in 2016 and beyond.

This post was written by Jenny Couch. Couch is a project management consultant, and Providge’s Business Development Manager. She loves efficiency, to-do lists, and delivering projects on-time and on-budget.

This week on NVTC’s blog, Kathy Stershic of member company Dialog Communications shares her final thoughts of her Brand Reputation in the Era of Data series.

Over the past few weeks, I’ve outlined 8 Principles that will help marketers protect and strengthen their brands in an era of radical change, where there is great temptation (and quite likely management pressure) to push boundaries further than ever before. Throughout this time and many preceding months, I’ve had countless conversations with people about the state of their data as well as the modern conveniences upon which they’ve come to rely. I’ve heard a Big Data expert actively advocating for stretching the law (or hinting at crossing the line) for the sake of competitive advantage. I’m sure he is not alone in that opinion. We are, all of us, currently in the Wild West.

While technology is accelerating what’s possible, the ideas outlined in the 8 Principles come back to common fundamental and timeless human needs that will outlast every wave of technology: People protecting what’s theirs, seeking respect and dignity, wanting control of their lives, enjoying freedom and avoiding harm. The brands they will choose for anything more than a one-time experience will be those who understand those concerns, and actively work to enable them.

There is more to brand reputation than being the app of the moment. Not every new thing will be transformational. But businesses who innovate as well as who truly respect their customers and actively work to earn trust stand a far greater chance of longevity than those who rely on buzz about the shiny new object, or who exploit to maximum advantage thinking the ‘sheeple’ won’t notice. It will take work. It will take awareness. It will take intention. It will take courage. And it will take leadership.

Eventually today’s Wild West will give way to a more mature market dynamic. Embracing these 8 Principles may help ensure your company is there when that time comes – or even leading the way.

This week on NVTC’s blog, Kathy Stershic of member company Dialog Communications continues her Brand Reputation in the Era of Data series by sharing principle eight: actively demonstrating respect for your customers.

The final of these 8 Principles clarifies a concept implied across the other seven. To become and remain a successful brand, businesses must actively demonstrate customer respect. Just saying ‘We respect our customers!’ is not enough. Prove it.

This can take many forms, from being transparent and honest about data collection and sharing practices to moderating your outreach below the annoyance level to integrating this attitude into your culture and policies – and many other opportunities mentioned through these posts.

Disrespectful practices were often brought up in the comments I’ve gotten. One respondent noted that “I want to feel like a vendor respects my data as much as I do.” People do not like bait-and-switch, confusing changes to privacy policies or anything that feels sneaky. They don’t like the burden of responsibility to stop something, like too much email or too many pop-ups. When everyone is tired or busy from their own lives, wearing people down or hoping they won’t notice might produce a short term win, but not long-term loyalty.

Having a straightforward dialog with your customers – even the ones who are unhappy with you – is another way to show respect. Everyone messes up – own it! Apologize, make it right and move on. If it wasn’t your fault, but there’s a small cost to making someone feel respected anyway – do it! Nordstrom figured this out a long time ago.

Nothing about customers wanting to feel respected and treated fairly is new. What is new is the exponential increase in vendor relationships enabled through technology. With the tremendous choice the modern customer enjoys, utility, benefit, quality and value are now table stakes. A differentiated and trusted experience, that includes feeling respected, is what will stand out. Someone’s choice of your product or service is a privilege. One of the best quotes from the respondent feedback sums it up: “Respect the customer and the customer will respect you.”

This week on NVTC’s blog, Alex Castelli of NVTC member CohnReznick shares how the SEC’s adoption of new crowdfunding rules could be a game changer for growth-focused businesses and investors.

The SEC’s adoption of new crowdfunding rules could be a game changer for growth-focused businesses and investors

On Oct. 30, 2015, the SEC approved final rules that permit companies to offer and sell securities through crowdfunding. The new rules provide another capital raising option for growth-oriented companies and offer additional options for investors who want to get in on the ground floor of in what could be a very successful business.

Benefits to Companies and Investors

Some of the key benefits of the SEC’s rules permitting crowdfunding or, simply put, the ability of companies to raise capital from the general public through the Internet are listed below.

Early-stage and growth companies that may be unable or unwilling to raise capital from institutional or private investors have access to another source of capital.

By offering and selling equity in their company through the Internet, companies gain a wider and more efficient distribution of the offering to a larger audience when compared to traditional sources.

Using the Internet to offer and sell securities should decrease the cost of capital

Non-accredited individual investors, previously excluded from equity crowdfunding investments, are now invited to become investors with certain limitations.

Investors have a level of protection since companies raising capital through crowdfunding will be required to utilize funding portals or registered broker dealers and will have certain disclosure requirements to investors. Additionally, funding portals that wish to participate in the crowdfunding process as an intermediary will be required to register with the SEC and become a member of FINRA.

Launching Your Crowdfunding Campaign

Even if you are a tremendously successful owner or executive, a successful crowdfunding effort will require expert marketing surrounding your efforts to raise funds. You and the members of your management team will assume the responsibility of formulating a marketing campaign to create interest in your offering. You’ll need a good story to tell investors complete with business plans, financial statements and projections.

In the crowd, you’ll be competing for investment dollars with other companies so you need to engage in strategies to elevate your offering over all others. Earning the trust and confidence of investors can lead to a successful offering. Consider activities that could strengthen your relationships with clients, customers, and even vendors. These relationships may help to support a successful crowdfunding campaign and could represent your future investors.

To launch your crowdfunding campaign, you’ll be using the services of an SEC registered broker/dealer or SEC registered crowdfunding platform or funding portal. Each will probably offer different services and fee structures. Once your customers, clients, and vendors have invested in your business, you may want to reach out to a broader base of potential investors. Getting your offer in front of the right investors will be critical to achieving your capital raising goals.

As a private company, you may not be accustomed to sharing operational and financial information publically. A successful crowdfunding campaign may require additional transparency if you are to build trust and confidence in prospective investors. If you are not comfortable sharing company information with the world, you may want to explore a more proprietary method of raising capital.

Once you have executed a successful crowdfunding campaign, you will need to have a plan on how you will continue to communicate to your new investors. How much information are you willing to share? Which rights to information will investors have? Consider creating an investor-only section on your company’s website where you can post periodic information about your company’s progress, financial results, etc. Transparency is the key if you want to keep your investors informed and hungry to make additional investment in the future.

This week on NVTC’s blog, NVTC member company Kathy Stershic of Dialog Communications continues her Brand Reputation in the Era of Data series by sharing principle seven: applying technology thoughtfully while preserving customer data.

Recently, Chapman University published the results of its survey America’s Top Fears 2015. Respondents were asked their fear level about different factors ranging from crime to disasters to their personal futures. FIVE OF THE TOP TEN THINGS PEOPLE FEAR ARE RELATED TO MIS-USE OF THEIR DATA! That includes cyber-terrorism, corporate tracking of personal information, government tracking of personal information, identity theft and credit card fraud. That’s out of 88 possible things to be afraid of!

There is a tidal wave of automation being applied to data collection and usage practices. I suggest that just because you can do something doesn’t always mean you should. We are approaching a tipping point around the creep factor of having everything that one does be tracked. People are tired of constant advertisements, witnessed by the increased adoption of ad blocking technology, and especially Apple’s recent iOS 9’s robust blocking capability for Safari – which has been heralded as the potential death of online advertising. As ads are blocked, marketers need to find other ways to get their message through, such as direct contact with mobile devices. That will require permission from each user. And that means you have to be delivering a lot of value while also showing some restraint in the level and frequency of contact.

Another interesting wrinkle is the October 6 ruling by the EU Court of Justice that struck down what is called Safe Harbor, a policy that allowed self-certification by U.S. companies to say their data protection standards were sufficient for EU citizens, who are protected by strict privacy law. Israel followed suit on Oct. 20. What happens next is yet to be determined, but everyone is scrambling to figure out how to protect their international business by the end of January grace period.

When practices get abused, people fight back or tune out. It’s human nature. In e-chatting during a webinar this week with its moderator Chris Surdak, a big data expert, (who I thought discussed unbridled capitalism more extremely than anyone I have ever heard), he noted regarding privacy that “The backlash will be epic, if we ever get there.” Hmmm. A thoughtful approach to what you collect, how you collect and use it, how long you keep what you collect, with whom you share it and what they do with it will better serve and protect your business and your brand through changes in customer sentiment and the regulatory environment.

This week on NVTC’s blog, NVTC member LMI shares how emerging technology is making it easier for agencies and their partners to share essential data, even when the organizations have different security policies and protocols.

Last week’s Virtualization in a Collaborative Information Sharing Environment Forum, sponsored by the Intelligence and National Security Alliance (INSA), shed light on how emerging technology is making it easier for agencies and their partners to share essential data, even when the organizations have different security policies and protocols.

Network virtualization, also known as software-defined networking, uses cloud-based principles and technology to provide a more efficient IT infrastructure while opening the door for different types of users to seamlessly access information for which they are authorized by law and policy.

Kshemendra Paul, who oversees the Information Sharing Environment (ISE), noted that the original vision of a single, universal cloud providing services to all federal agencies has changed. Today, ISE’s emphasis is to establish common policy to “federate trust.”

Groups with different security and access controls share many common elements around trust (i.e., business rules for issuing credentials, individual attributes, data retention), so there is a framework for a diverse range of professionals to come together and share data. Paul noted Alabama already has developed a trust framework to enable the medical and law enforcement communities to share casework data.

To move agencies to a state where users share information without being hampered by technology, the panel discussed the following.

Network virtualization

Is gaining momentum—already, the National Geospatial-Intelligence Agency is fast-tracking implementation of network virtualization and wants other agencies to join.

Could automate security policy—by using the National Institute of Standards and Technology (NIST) framework for trusted identities in cyberspace, XML could be used to translate thousands of access control policies into machine-executable code.

Offers flexibility and immediacy—agencies will be able to expand and contract networks, as needed, as well as create them and move them around rapidly.

Tightens security—patches are quickly applied, since IT departments know all the users and applications for a given network.

Key challenges for implementing virtualization include change management and security. Seamlessly sharing sensitive information between organizations often goes against the grain of agency culture. Making virtualization scalable requires a culture change.

Security remains a constant challenge. As the data grow, IT departments will need to analyze bigger and bigger data sets to find insiders behaving badly. The right security investments need to be set aside for virtualization projects.

Keith Nelson is a member of LMI’s Organizational and Human Capital Solutions group, supporting human resources IT, workforce management, succession planning, and performance management for the State Department, the Department of Homeland Security, and the General Services Administration. Mr. Nelson holds an MBA from UCLA and a Master of Journalism from UC Berkeley.

This week on NVTC’s blog, NVTC member company Kathy Stershic of Dialog Communications continues her Brand Reputation in the Era of Data series by sharing principle six: comply with all applicable laws and regulations - then exceed them.

There are a LOT of laws and regulations out there that govern data handling and privacy. They vary according to where you conduct business. The European Union has the strictest set of laws that are built on the principle of human rights. The United States has what’s called a sectoral approach, that is different laws are set for different sectors – like HIPAA for healthcare, Gramm Leach Bliley for Finance, the Cable TV Privacy Act, the Electronic Communications Privacy Act and on. In the US, 47 of 50 states also currently have data breach notification laws, all of them slightly different. Asian countries adopt data protection laws and sectoral laws. Many Latin American countries have constitutional guarantees, data protection laws, and sectoral laws. Yikes! It’s a lot to comply with – and just to keep things fun, laws and regulations are changing and updating all the time.

Realistically, marketers are not going to know every legal requirement that impacts their organization. But you should at least be aware of the basic principles of what’s allowed in the places you do business, then coordinate with Legal (I know, I know!) on how to stay out of trouble. This discovery can also happen through a process called a Privacy Impact Assessment, mentioned in my previous post.

Observing laws and regulations must be standard operating procedure. But just being compliant really isn’t enough to enhance your position in a fickle and frenetic market. Think about it this way – do you want your child to just stay out of trouble at school, or be a leader in the classroom? Where’s the attention going to go? You sure don’t want to stand out in a bad way – like being one of the 256 app providers who violated the privacy terms they contracted with Apple.

Going beyond the legal minimum and making extra effort will help your business differentiate as a trusted source. Simplified privacy policy language will help. Minimizing data collection and retention (yes, you CAN get rid of stuff!) will help. So will being transparent at all times about your practices and behaviors. Use creative ways to tell the story to your customers and stakeholders – through vignettes, through messaging, through customer service scripts – put it out there. Earning trust marks like TRUSTe really sends the message that you take data stewardship seriously.

Your customers expect you to comply with the law. They want to feel like you care and are proactive about protecting their data. I firmly believe that the great majority of people want to do the right thing; it comes back to mindfulness and balance between enthusiastic pursuit of business objectives and a bit of thoughtful restraint.

This week on NVTC’s blog, NVTC Small Business and Entrepreneur Committee Chair Norm Snyder and his colleague Andrew Newton, both of Aronson LLC, share highlights from the committee’s November event, Positioning Your Company for Acquisition, showing how a good company is bought, not sold.

On October 21, 2015, NVTC sponsored a panel of experts to discuss the topic “Positioning your Business for Acquisition”. The panel included Larry Davis, a partner in Aronson Capital Partners; Dana Duffy, the CFO of Invincea; Michael Pratt, serial entrepreneur and managing partner & co-founder of Select Venture Partners LLC; and Mark Spoto, managing director at Razor’s Edge Ventures. The event was moderated by Committee Chair Norm Snyder, lead partner in Aronson’s Technology Industry Services.

The panelists spoke to a number of questions from the moderator and members of the audience. Topics covered included timing of selling a business, including initial planning; how to minimize due diligence headaches; how to find potential buyers and the need to find more than one possible suitor; and the characteristics of potential acquisitions that potential buyers typically consider.

A significant discussion involved how long in advance a company should start planning for acquisition, with a general consensus that it varies. The panelists gave examples ranging from acquisition planning beginning six months before closing to as far out as nine years. All of the panelists emphasized that an entrepreneur should always be preparing for an acquisition in an orderly way and should reevaluate possible exit strategies at each inflexion point during the life of the business. This built into another theme common throughout discussions: sell your business while it is on its way up, not on the way down. By constantly evaluating exit strategies, especially exit timeline, an entrepreneur can weigh the benefits and costs to each exit strategy at different times during the life of the business so as to not miss a good opportunity, which may be affected by external factors such as the state of the economy, as well as internal factors such as company performance

Another big topic was how companies can minimize the headaches of due diligence work. Again there were multiple answers to this question. The panelists focused on the benefits of having quality, competent advisors throughout the life of the business. One panelist, who had been a key management member in selling several companies, stressed the importance of making important investments in administration during the life of the business as the costs of not doing so may be far greater near the time of sale if significant regulatory, compliance, tax or accounting issues emerge during the due diligence. Panelists noted that some key areas where companies can get themselves in trouble are trying to draft legal documents without an attorney, not saving electronic copes of all signed legal documents, not paying payroll taxes when due, not complying with federal, state and international tax rules (including sales taxes), not having necessary IP legal protection and by not ensuring proper accounting treatment of transactions from day one, especially for complex areas such as revenue recognition. Problems (and surprises) that arise during due diligence can reduce prices, delay closings or even kill deals.

As for valuation, the panelists stressed the importance of being able to demonstrate continuing revenue streams. One time sales are great but all of the panelists spoke to how a company that can demonstrate year over year revenue streams will be more attractive to potential buyers. The other piece to valuation was context, and in particular, the fact that entrepreneurs to ask what their company can bring to a potential buyer. In many cases a smaller company being acquired is merely a rounding error on the acquirer’s financial statements, and the attraction is the potential of the acquiree’s products or technology, including synergies with the acquirer’s existing lines of business. A key concern of the acquirer is damage to its reputation, e.g. in the event of non-compliance with regulations or a law suit. The panel emphasized the need for depth, rather than breadth in the value the potential acquiree can add to the buyer’s business. The overall conclusion was that those entrepreneurs who best determine how their companies can add value to a potential buyer, are most likely to sell, and sell at a good price.

This week on NVTC’s blog, NVTC member company Kathy Stershic of Dialog Communications continues her Brand Reputation in the Era of Data series by sharing principle five: developing an empathic organizational culture that understands, internalizes and practices customer-sensitive behaviors.

Hand in hand with getting your own house in order to secure customer data is developing an empathic organizational culture that understands, internalizes and practices customer-sensitive behaviors. This can be reflected in the marketing practices you adopt, the way customer data is collected and handled, and the attitude and values that are expressed and embodied from leadership through the ranks.

Several respondents in our qualitative feedback study emphasized that organizations’ observing privacy policies internally was very important to them. While most every organization has an external privacy notice (understandable or not), many companies lack a robust internal privacy policy, data management policies, or even clarity of their privacy mission and position. It is important to thoughtfully define these, then train your people, in a resonant and memorableway about these corporate values and an employee’s role in them. Reinforce the training with an ongoing internal awareness campaign. Help your team remember that behind every purchase, tweet, post, click and share is a human being and all that entails. Anyone who has something or someone to protect can understand that.

This is a foundational aspect of your organization’s personality and reputation – how do you want to be seen and regarded? Are you the respectful company? The service-oriented company? One who customers see as sneaky or arrogant? One who is so consumed with innovation and speed that they forget there are real people who will be served or potentially harmed by your invention?

Consider incenting or requiring those who work with other’s personally identifiable information, whether it belongs to customers, employees, partners, students or anyone else, to get certifications. This can help them more deeply understand the implications of what they’re working with. A colleague of mine likened this to how massage therapists are trained to respect the bodies of their customers, with their reputation and careers dependent upon following those protocols.

A best practice is to conduct what’s called a Privacy Impact Assessment (PIA) to evaluate risk in both existing and intended practices and services. There are online resources to offer you guidance (shameless commerce warning: Dialog can help with these); you will need some understanding of the legal and regulatory environment in which you operate. Then, when you objectively understand the level of risk, you can consider adjustments to your practices or plans if necessary. Those who may decline to participate should be made fully accountable for any consequences – financial or otherwise.